PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-25605 Siemens CVE debrief

CVE-2026-25605 affects Siemens SICAM SIAPP SDK versions before 2.1.7. The issue is a file-deletion validation flaw: the application may remove a file or socket when the target path or object is not properly validated. In practice, that can let an attacker delete items the process is allowed to remove, leading to denial of service or service disruption.

Vendor: Siemens
Product: SICAM SIAPP SDK
CVSS: MEDIUM 6.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-10
Original CVE updated: 2026-03-17
Advisory published: 2026-03-10
Advisory updated: 2026-03-17

Who should care

Organizations using Siemens SICAM SIAPP SDK, especially product teams, system integrators, and operators responsible for deployments where local access or service availability is critical.

Technical summary

According to the CISA-corroborated Siemens advisory, the affected application performs file deletion without properly validating the file path or target. The advisory maps the issue to CVSS v3.1 AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H, indicating local attack conditions with high complexity but no required privileges or user interaction. The practical impact is integrity and availability loss through deletion of files or sockets the process can access. Siemens remediation is to update to V2.1.7 or later.
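Neither the SDK's deletion routine nor its source is quoted in the advisory, so the following is an added Python example written for this debrief, not Siemens code. It contrasts the weak pattern the advisory describes (removing a caller-supplied path without validating the target) with a hardened routine that only deletes a regular file living directly inside a fixed directory, refusing traversal, absolute paths, symlinks and sockets. The directory layout, file names and the `delete_unvalidated`/`delete_validated` names are constructed for the demonstration.

```python
import os
import socket
import stat
import tempfile
from pathlib import Path


class UnsafeDeleteError(Exception):
    """Raised when a requested deletion fails validation."""


def delete_unvalidated(base_dir: str, name: str) -> None:
    # The weak pattern: the caller-supplied name is joined and removed as-is,
    # so "../x" or a symlink name reaches whatever the process may unlink.
    os.remove(os.path.join(base_dir, name))


def delete_validated(base_dir: str, name: str) -> str:
    """Remove `name` only if it is a regular file living directly in base_dir."""
    # 1. Structural checks on the untrusted name: one path component, no traversal.
    bad = (not name or name in (".", "..") or "\0" in name
           or os.sep in name or (os.altsep is not None and os.altsep in name))
    if bad:
        raise UnsafeDeleteError("unsafe name")
    base = Path(base_dir).resolve(strict=True)   # canonical, symlink-free directory
    target = base / name
    # 2. Inspect the target itself without following a final symlink.
    try:
        st = os.lstat(target)
    except FileNotFoundError:
        raise UnsafeDeleteError("no such file") from None
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeDeleteError("symlink")
    if stat.S_ISSOCK(st.st_mode):
        raise UnsafeDeleteError("socket")
    if not stat.S_ISREG(st.st_mode):
        raise UnsafeDeleteError("not a regular file")
    # 3. Unlink. A small check-then-act window remains between lstat and unlink;
    # where os.supports_dir_fd allows it, unlink(name, dir_fd=...) narrows it.
    os.unlink(target)
    return str(target)


def attempt(base_dir: str, name: str) -> str:
    """Run the validated delete and report the outcome as a short string."""
    try:
        delete_validated(base_dir, name)
        return "deleted"
    except UnsafeDeleteError as exc:
        return f"rejected: {exc}"


def demo() -> dict:
    """Exercise both routines against a constructed temporary directory layout."""
    results = {}
    with tempfile.TemporaryDirectory() as outside:
        inside = Path(outside) / "work"            # the only directory deletion is allowed in
        inside.mkdir()
        victim = Path(outside) / "keep.txt"        # constructed file outside the allowed dir
        victim.write_text("must survive")

        delete_unvalidated(str(inside), "../keep.txt")
        results["naive_traversal_deleted_outside"] = not victim.exists()
        victim.write_text("must survive")          # restore for the validated run

        (inside / "ok.txt").write_text("disposable")
        os.symlink(victim, inside / "link.txt")
        results["traversal"] = attempt(str(inside), "../keep.txt")
        results["absolute"] = attempt(str(inside), str(victim))
        results["symlink"] = attempt(str(inside), "link.txt")
        results["regular"] = attempt(str(inside), "ok.txt")
        results["victim_intact"] = victim.exists()

        # A Unix-domain socket stands in for the "socket" target the advisory mentions.
        results["socket"] = "skipped"
        if hasattr(socket, "AF_UNIX"):
            try:
                with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
                    s.bind(str(inside / "ctl.sock"))
                results["socket"] = attempt(str(inside), "ctl.sock")
            except OSError:
                pass                               # e.g. socket path too long on this host
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened routine deliberately accepts a bare file name rather than a path: that removes the need to reason about `..`, intermediate symlinks or normalisation differences, and the `lstat` type check is what keeps it from unlinking a symlink or a socket the process happens to have rights over.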

Defensive priority

Medium — prioritize remediation in any environment where the SDK is deployed and service disruption from local misuse would be operationally significant.

Recommended defensive actions

  • Update Siemens SICAM SIAPP SDK to V2.1.7 or later.
  • Inventory products and systems that embed or depend on the affected SDK version.
  • Review local access controls and apply least privilege so the process can remove only what it must.
  • Monitor for unexpected file or socket deletion behavior in affected deployments.
  • Use standard ICS defense-in-depth practices, including segmentation and hardening, to reduce blast radius if a local misuse path exists.

Evidence notes

CISA’s republished advisory ICSA-26-076-04 lists CVE-2026-25605 for Siemens SICAM SIAPP SDK and states that versions before 2.1.7 are affected. The published date is 2026-03-10 and the advisory was republished/modified by CISA on 2026-03-17. The advisory text describes improper validation of the file path or target during file deletion, with potential denial of service or service disruption. The provided remediation is to update to V2.1.7 or later.

Official resources

Publicly disclosed in the CISA-republished Siemens advisory on 2026-03-10, with CISA republication/update on 2026-03-17. This debrief uses the CVE publication date, not the republish date, as the issue date.